WAF

Protect your websites, applications and APIs from the internet's worst vulnerabilities, threats and attacks worldwide.

Web Application Firewall

Reliable Application Security & DDoS Protection

Main cause of hacks and data leaks: WEB attacks

According to statistics, attacks on web applications rank first among the technological causes of information security incidents.

In most cases, it takes companies about 6 months to detect a data breach.

  • 100%
    of tested applications contain vulnerabilities
  • 70%
    of tested applications are not protected against DDoS attacks
  • 85%
    of tested applications contain vulnerabilities enabling attacks on users
  • 100+
    average number of vulnerabilities in a single application
  • 65%
    of perimeter intrusions lead to full control of data
  • $3.86
    million - average cost of a single data breach

Cybercriminals can target a web app with different attacks.
Here you can see the top 6:

  • This action consists of extracting data from a website or a web application. According to recent stats, 20% of all traffic is bad-bot traffic. This means that potentially every website you browse could expose you to data theft.
  • DDoS involves commanding numerous computers, typically compromised computers in a botnet, to bombard a targeted web server with requests, overloading its resources and rendering it unavailable to legitimate visitors. A DDoS attack floods a system with requests until it finally crashes.
  • XSS was involved in about 40 percent of web attack attempts in 2018 and is one of the most dangerous attacks as far as web applications are concerned. XSS typically involves inducing a website to execute arbitrary or malicious script code an attacker uploaded, usually because the site fails to properly sanitize user-submitted inputs. When a user clicks on the infected URL, the attacker gains access and can obtain the user's personal data.
  • SQL injection (SQLi) accounts for about 24 percent of web attacks. An attacker enters malicious SQL code into a field on a web page and the server-side code submits it to the database without properly sanitizing it first. A successful SQLi attack can delete or change sensitive data or reveal it to the attacker.
  • Observed in about 4 percent of attacks, this is where the attacker uses directory traversal or a similar mechanism to induce the web application to execute a file residing elsewhere on the server.
  • This is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The perpetrator's goal is to exploit the referencing function in an application to upload malware (e.g., backdoor shells) from a remote URL located within a different domain.

Keeping you safe with Cyber Security Group

Protect Your Applications from Top OWASP Vulnerabilities and More With Our WAF

  • Against SQL injection (SQLi)

    A small mistake in a website's code can ultimately lead to major damage. Protect your website; otherwise an attacker can use such a weakness to obtain unauthorized access to the information stored in the database.

  • Cross-Site Scripting (XSS)

    Block attackers from injecting client-side scripts into web pages to bypass typical access controls and dupe end users.

  • Local File Include (LFI)

    LFI is a class A1 threat in the OWASP classification and one of the most dangerous site vulnerabilities. Exploitation of LFI poses the maximum threat to the attacked site, and in almost all cases leads to its compromise and data leakage.

  • Cross-Site Request Forgery (CSRF)

    If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

  • Remote File Include (RFI)

    RFI is the process of including remote files by exploiting vulnerable inclusion procedures implemented in the application.
    This can lead to: code execution on the web server; code execution on the client side, such as JavaScript, which can lead to other attacks such as cross-site scripting (XSS); Denial of Service (DoS); and sensitive information disclosure.

  • Remote code execution (RCE)

    A Remote Code Evaluation can lead to a full compromise of the vulnerable web application and also of the web server. It is important to note that almost every programming language has code evaluation functions.

  • Clickjacking

    Also known as a "UI redress attack", this is when an attacker uses layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Using a similar technique, keystrokes can also be hijacked. A user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker. One of the most notorious examples of Clickjacking was an attack against Adobe Flash, Twitter and Facebook's "Like" functionality.

  • DDoS/Layer 7 DDoS Attacks

    This is the largest and most common type of attack. Application layer attacks require an adaptive strategy, including the ability to limit traffic based on particular sets of rules, which may fluctuate regularly. Our WAF measures and analyzes all traffic coming through it; if a domain threshold, burst threshold, or sub-second burst threshold is exceeded, the WAF suspects an attack and challenges traffic.

  • SPAM Protection

    SPAM protection filters the electronic mail system; in case of excessive demand, the intelligent system blocks SPAM and filters e-mails and malicious addresses.

  • Proxy Protection

    Our security system can identify different types of proxy and, if needed, filter and ban proxy users.

  • Virus Scanner

    If our WAF encounters a dangerous file on the server, the security system automatically moves the file to quarantine, and the file is deleted or restored only when the user issues the command from the security system.

  • Filtering

    It filters traffic, which prevents unnecessary and undesirable packets from moving through the website.

  • DNSBL Integration

    DNSBL Integration blocks IP addresses that are on a DNS blacklist.

  • Tor Detector

    As soon as a visitor arrives, the system can recognize whether the visitor is using the Tor anonymity network and, if needed, block access to the server.

  • AdBlocker Detector

    AdBlocker blocks undesirable advertising.

  • Ban System

    IP addresses that attack the website / server are banned and moved to the blacklist. You can still manage these IP addresses, blocking them or retaining their access rights.

  • Bot Detector Anti Bot

    BDAB is the function that allows you to block any type of automated traffic. Bots can be used to collect information from the website or, vice versa, to submit information to the website.

  • Traffic Filtering

    Traffic can be filtered to avoid the exchange of undesirable packets as well as system failure and damage.

  • Header Checker

    The intelligent system controls the traffic on the website, allowing access only to real users and blocking so-called bots.

  • Auto BAN

    Auto Ban is an additional effective tool whose goal is to identify and block various types of unauthorized access attempts, disruptions or attacks on websites, and to automatically analyze and provide the administrator with full data about the violator.

  • Log Monitoring

    Log Monitoring records and reports to the administrator which IP addresses accessed the website / server and what type of operation was performed.

Ready to Protect Your APP?
Our WAF detects and mitigates attacks quickly and efficiently, and keeps you ahead of tomorrow's threats.

LET'S CONNECT

Protection All Around the World

WAF runs in all of our edge locations around the world, providing your websites and applications global security in one single service. Every edge location of our network is included with every WAF subscription, with no additional charges for using the whole map or any specific region.

Need a customized WAF plan?

Contact us